Navigating HIPAA Regulations in Web Environments, and Social Media

1
HIPAA COMPLIANCE FOR
WEB SITES SOCIAL MEDIA NEW - TRACKING
TECHNOLOGIES AND PATIENT REVIEWS
PRESENTED BY PAUL R. HALES, J.D.
EDUCATIONAL WEBINAR
www.thehipaaetool.com
2
HIPAA Rules - Web Sites, Social Media Patient
Reviews
PAUL R. HALES ATTORNEY AT LAW
Health Information HIPAA Protecting Patient
Privacy is Our Job Legal Education Not Legal
Advice AttorneyHales.com _at_hipaaetool 314-534-3534
PaulHales_at_AttorneyHales.com
www.thehipaaetool.com
3
HIPAA Rules - Web Sites, Social Media Patient
Reviews
What Are We Going to Cover? Why is this
Important? HIPAA Rules for Web Sites and Social
Media Web Sites Subject to HIPAA Rules Covered
Entitys Web Site Covered Entitys Social Media
Web Site 2 Simple Web Site Safeguards Major New
HIPAA Web Site Liability Tracking
Technologies How to Avoid Tracking Tech
Liability HIPAA Rules covering Patient Reviews
How Patient Reviews Violate HIPAA Simple Patient
Review Safeguards
www.thehipaaetool.com
4
HIPAA Rules - Web Sites, Social Media Patient
Reviews
2024 OCR HIPAA Compliance Audits HIPAA
Compliance Audits are Back February 20, 2024 The
HHS Office for Civil Rights (OCR) announced HIPAA
compliance audits resume in 2024 in line with a
ramped-up enforcement program. They're Back HHS
OCR Plans to Resurrect Random HIPAA
Audits February 13, 2024 The HIPAA audits - and
the planned potential update to the HIPAA
security rule - help round out HHS' evolving
strategy to push healthcare sector entities into
implementing stronger cybersecurity programs.
www.thehipaaetool.com
5
HIPAA Rules - Web Sites, Social Media Patient
Reviews
FOR IMMEDIATE RELEASE June 5, 2023 HHS Office
for Civil Rights Reaches Agreement with Health
Care Provider in New Jersey That Disclosed
Patient Information in Response to Negative
Online Reviews New Jersey psychiatry practice
pays 30,000 to settle complaint about
impermissible disclosure of protected health
information by disclosing this information in
online review OCR continues to receive complaints
about health care providers disclosing
their patients protected health information on
social media or on the internet in response to
negative reviews. Simply put, this is not
allowed, said OCR Director Melanie Fontes
Rainer. The HIPAA Privacy Rule expressly
protects patients from this type of activity,
which is a clear violation of both patient trust
and the law. OCR will investigate and take action
when we learn of such impermissible disclosures,
no matter how large or small the organization.
www.thehipaaetool.com
6
The Internet
HIPAA Rules - Web Sites, Social Media Patient
Reviews Highly Visible ?
Provider Web Sites Provider Social Media
Patient Reviews
www.thehipaaetool.com
7
HIPAA Rules - Web Sites, Social Media Patient
Reviews

• Why Protecting PHI Privacy is Essential
• Medical Identity Theft Criminal Black Market
• Criminals Attack People of All Ages All Walks
  of Life
• Social Engineering
• Clever Scripts Messages
• Vishing
• Phishing
• Smishing
• Quishing Malicious QR Codes FBI

www.thehipaaetool.com
8
HIPAA Rules - Web Sites, Social Media Patient
Reviews
Facebook
Web Sites subject to HIPAA Rules
The Hospitals Facebook Web Site Hospitals,
both facilities, provide comprehensive inpatient
and outpatient services that serve the
larger Community.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXX
XXXXXXXXXXXXXXX
Services at include
Cancer Center, Breast
XXXXXXXXXXXXXXXX
the XXXXXXXXXXX
Health and Womens Center, the Cardiology Center,
and the Outpatient Surgery and Endoscopy
Center. Services at include general surgery,
disease management and prevention, comprehensive
womens services and a pediatric emergency
department in partnership with . Compassion - We
promise to care about you. Respect - We promise
to treat you with dignity. covered entity's
customer services or benefits
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
www.thehipaaetool.com
9
HIPAA Rules - Web Sites, Social Media Patient
Reviews

• Safeguard 2 Before posting PHI Get a Valid
  HIPAA Authorization
• Facebook Posts by Patients and Others
• You'll need to be an admin to control what
  visitors can post on your Page.
• To control what visitors can post on your Page
• Click Settings at the top of your Page.
• From General, click Visitor Posts.
• Select Allow visitors to the Page to publish
  posts or Disable posts by other people on the
  Page.
• If you allow visitors to publish posts, you can
  choose to
• Allow photo and video posts
• Review posts by other people before they're
  published to the Page

www.thehipaaetool.com
10
HIPAA Rules - Web Sites, Social Media Patient
Reviews

• Tracking Technologies Background What is
  Tracking Technology?
• OCRs Description
• Tracking technologies are used to collect and
  analyze information about how users interact
  with regulated entities websites or mobile
  applications (apps).
• Key Points
• Tracking Technologies are complex
• There are many types of Tracking Technologies
• Until 2022, Tracking Technology functions and
  risks were largely unknown to Health Care
  Provider senior management and
• compliance officials

www.thehipaaetool.com
11
HIPAA Rules - Web Sites, Social Media Patient
Reviews

• How to Avoid Tracking Tech Liability Due
  Diligence
• Careful Audit (Risk Analysis) All Your
  Organizations Web Sites
• Identify Tracking Technology Locations
  Inclusive, Multi-Specialty Expert Audit Team
• Information Technology and Security
• Privacy/Compliance
• Legal
• Marketing in house and Marketing Consultants
  and Vendors
• Senior Management
• Others as necessary and appropriate

www.thehipaaetool.com
12
HIPAA Rules - Web Sites, Social Media Patient
Reviews

• How to Avoid Tracking Tech Liability Due
  Diligence
• Risk Management
• Remove all Tracking Technology
• Google Analytics Facebook provide instructions
• Develop and implement Policies and Procedures to
• Regularly Monitor Websites, Apps, and locations
  of Tracking Tech
• Vett (Due Diligence) all vendors
• Web Site Builders
• Patient Engagement Specialists
• Marketing Consultants
• Review Regularly HIPAA Compliance is a Process

www.thehipaaetool.com
13
HIPAA Rules - Web Sites, Social Media Patient
Reviews
In conclusion, we have covered Why this is
Important HIPAA Rules for Web Sites and Social
Media Web Sites Subject to HIPAA Rules Covered
Entitys Web Site Covered Entitys Social Media
Web Site 2 Simple Web Site Safeguards Major New
HIPAA Web Site Liability Tracking
Technologies How to Avoid Tracking Tech
Liability HIPAA Rules covering Patient
Reviews How Patient Reviews Violate HIPAA
Simple Patient Review Safeguards
www.thehipaaetool.com
14
HIPAA Rules - Web Sites, Social Media Patient
Reviews
Thank You Paul Hales, J. D.
Register Now
PaulHales_at_AttorneyHales.com 314-534-3534
www.thehipaaetool.com